[Privoxy-users] Suppressing/modifying some browser fingerprints (ie. Am I Unique?)
Ian Silvester
iansilvester at fastmail.fm
Wed Jul 15 12:56:04 UTC 2020
Hi there,
It used to be the case that browser fingerprinting was limited to the user-agent string in the HTTP header, and it is possible to modify this using the +hide-user-agent action (see https://www.privoxy.org/user-manual/actions-file.html#HIDE-USER-AGENT), however this only allows you to replace the user-agent string for all clients on your network with one single fake user-agent. This does not prevent fingerprinting, but rather changes your fingerprint. This is good for preventing certain client-specific attacks, but does not help against unique advertising.
Further, fingerprinting now leverages the Javascript DOM within the browser to identify all manner of other features of your machine (such as the audio configuration). It is possible to entirely block Javascript (which some here do), which would be very effective against fingerprinting, but obviously breaks navigation on many web sites. Privoxy can, in theory, filter Javascript (it is, after all, simply strings of text like any other), but in practice unless all web sites were to use common libraries of fingerprinting code that could be (ironically) fingerprinted by Privoxy, this is impractical.
In my opinion anti-fingerprinting is best done with add-ons within the browser, which get greater control of what the browser is giving up to web sites. I recall having seen one for Firefox that randomizes the user-agent, for example, and am reasonably certain that others exists that go deeper/further in randomizing the features of your machine that are exposed by Javascript.
HTH,
Ian
On Wed, 15 Jul 2020, at 07:25, U.Mutlu wrote:
> Hi,
> is it possible with privoxy to suppress or modify some critical browser
> fingerprints to prevent a unique identification of the user/machine ?
>
> The following site analyses the browser fingerprints and tells which
> of the data can be used to uniquely identify a person or his system:
> https://amiunique.org/fp
> (the above site is referenced in this article:
> https://askleo.com/supercookies_and_evercookies/ )
>
> In my case it says for example the following:
> "
> Media devices Unique
> audioinput : default
> audioinput : 2da75f.... (a 64 characters long hex number, maybe a hash)
> ...
> audiooutput : default
> audiooutput : 91f17d... (a 64 characters long hex number, maybe a hash)
> ...
> "
>
> Of course these numbers can be used as static identifiers, so IMO one should
> be concerned.
>
> Is it in privoxy possible to suppress the sending of this (and similar)
> information, or sending a fake or random string instead?
>
> _______________________________________________
> Privoxy-users mailing list
> Privoxy-users at lists.privoxy.org
> https://lists.privoxy.org/mailman/listinfo/privoxy-users
>
More information about the Privoxy-users
mailing list